Web API Security | Basic Auth, OAuth, OpenID Connect, Scopes & Refresh Tokens
There is a lot that goes into securing a Web API. In this video, I discuss why the industry decided to move on from Basic Authentication and OAuth 2.0 took over as the new standard for securing Web APIs. This video also covers how OpenID Connect works together with OAuth to solve both Authentication and Authorization. Deciding how to use scopes in OAuth is tricky, so I also cover some tips for making those decisions. Finally, I talk about refresh tokens and how they help deal with token expiry.

#WebAPIDesign #OAuth #OpenIDConnect

Web API Design Series - Episode 1 - REST vs RPC vs GraphQL API - How do I pick...
Web API Design Series - Episode 2 - Webhooks vs Websockets vs HTTP Streaming -...

Timecodes
0:00 - Intro
2:06 - Basic Authentication
5:05 - OAuth
10:16 - OpenID Connect
11:23 - Scopes
13:55 - Refresh Tokens


